By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

This has created an environment that security teams have had to come to terms with quickly.

Roman Foeckl, CEO at security supplier CoSoSys, says the increasing number of mobile devices in the enterprise, and new versions of an operating system, is forcing organisations to rethink ways of securing corporate data.

It is not just about mobile the applications, he says, but also how employees interact with other organisations and people. Mobile provides low-cost computing power that is available to everyone and enables staff to collaborate with others, but this is a recipe for security breaches in businesses.

Foeckl says traditional security is irrelevant in many cases. For example, he says the shift from open file systems (Windows 7) to application sandboxes (Android, iOS, Windows Phone/Pro/RT), is making traditional antimalware, especially antivirus, less relevant.

For example, on iOS, there is little need for antimalware or antivirus products because neither they, nor any other app on the device, can access another app’s storage or memory.

According to Foeckl, when planning a mobile security strategy there is no one size fits all: "Every company has to choose a cross-platform solution that works on Apple iOS, Android mobile devices, Windows, Mac OS X and Linux computers to cover the entire fleet of workstations."

Sufficient resources for data loss protection

But what are companies doing to incorporate endpoint and mobile security tools in applications to make sure they are secure?

"This can be achieved by implementing data loss prevention (DLP) features into applications and more," says Foeckl. "However, the administrators have to be sure that IT resources under their control are ready to co-operate with advanced features like file tracing and file shadowing."

With DLP, he says, the amount of data being monitored and the number of copies stored could quickly absorb a sizeable chunk of the available IT resources.

"In European countries, sometimes we are faced with the situation that a CIO or administrator evaluates resources as insufficient for DLP use," says Foeckl. "In such cases it is recommended to look at cloud-managed DLP and mobile device management [MDM] that offer easy evaluation, implementation and scalability. It’s also a good way to safely reap the benefits of the cloud protecting data."

In central and eastern European countries, one obstacle is the fact that many companies still prefer their own datacentres or computing power over cloud services, says Foecki.

Authorisation and security awareness

The software being used in enterprises is changing, so security teams must understand different security features and their limitations.

Foeckl says CoSoSys increasingly supports Macs and iOS devices. It has experience with preventing data breaches that could happen with the use of Google Drive, One Drive, Dropbox, on Windows and Mac OS X computers, for example.

"When it comes to Android, in the next versions we expect to see more security features added directly from Google," he says.

Google’s Android lock functionality should help relieve at least some of the concerns that IT administrators might have in allowing employees to use Android devices to access and store business applications and data.

"One of the main tasks of administrators is to set authorisation levels for employees according to departmental and task requirements. They also have to ensure that security does not limit accessibility," according to Foeckl. "For example, two users on the same device will mean two completely different levels of authorisation for transferring data. This flexibility marries convenience with security."

Foeckl advises that the implementation of DLP involves testing a variety of risk scenarios, such as content sharing and portable device threats, and admits that one of the main challenges for CoSoSys in Europe lies in a need to lead constant education about DLP.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy